At 08:17 AM 06/28/02 -0700, Andrew Lord wrote:
>A number of the changes we have discussed have been integrated into the
>script (dictionary.cgi, shown below) and while previously I had believed it
>to be working correctly, I hadn't realised that the script now accesses only
> a generic/default index ('index.swish') located in the same directory as the
> script itself (ie in cgi-bin).
Right. You need to pass in the list of index files into makewordlist().
But, do not use data from the web form directly in the call to swish:
>sub makewordlist {
..
..
> open( $fh, "$swish -k $letter|" ) or
> die "Failed to run '$swish -k $letter': $!";
That open call passes the command through the shell. So you do not want
any thing unsafe passed there.
So make sure that every index passed in is a valid index file:
my @valid_indexes = qw/ index1 index2 index3 index4 /;
for my $index_file ( @index_files_passed_from_form ) {
die "bad index file '$index_file'"
unless grep { $_ eq $index_file } @valid_indexes;
}
I didn't look very long but I didn't really understand how you are getting
your list of OK index files. Anyway, here's a few comments.
@sections = glob("$swishdir/*.conf");
foreach $section (@sections){
open CONF,$section;
while(<CONF>){
if (/^IndexFile\s(.*)$/){
IndexFile may be spelled indexfile.
Your match pattern of (.*) means that it can match nothing. I'd think you
would want to be more specific like ([a-zA-Z0-9.]+). If there might be
quotes then need to strip those, too, but I'd have to see what the input
data can look like first.
$indexfile = $1;
$parts{$indexfile} = $1;
I don't get this: $parts{index1} = 'index1'; why assign a hash value the
same as its key?
}
if (/^IndexName\s(.*)$/){
$indexname = $1;
$indexname =~ s/"//g;
$parts{$indexfile} = $indexname;
Where's $indexfile defined? You assuming that it was set on a previous
line in the config file. It's not required to be in that order in swish
config files.
# ReplaceRules should no longer be quoted for this to work
s|["']||g; # if they still are they're trimmed
if( m|ReplaceRules\sreplace\s(\S*)\s(\S*)|i){
$replace{$2} = $1;
}
What's the use of the above?
--
Bill Moseley
mailto:moseley@hank.org